authorAlejandro Soto <alejandro@34project.org>2022-12-27 01:21:34 -0600
committerAlejandro Soto <alejandro@34project.org>2022-12-27 01:21:34 -0600
commitccbd359a8f9089a1e7a9566fdca62e26a2bb447c (patch)
treee248f3a9f848187e80d45baf2bd43ad465733fb0 /sys
parent61d433c8e7cc17d5b921329fca9baf7c3d528ade (diff)
flake: enforce nixpkgs-fmt
Diffstat (limited to 'sys')
-rw-r--r--sys/auth.nix3
-rw-r--r--sys/boot.nix105
-rw-r--r--sys/fs/btrfs.nix157
-rw-r--r--sys/fs/default.nix3
-rw-r--r--sys/fs/layout.nix57
-rw-r--r--sys/net.nix3
-rw-r--r--sys/options.nix5
-rw-r--r--sys/users.nix3
8 files changed, 179 insertions, 157 deletions
diff --git a/sys/auth.nix b/sys/auth.nix
index e6e156d..e85543e 100644
--- a/sys/auth.nix
+++ b/sys/auth.nix
@@ -1,7 +1,8 @@
{ lib, config, ... }:
with lib; let
cfg = config.local;
-in {
+in
+{
config = {
security.pam = {
oath = {
diff --git a/sys/boot.nix b/sys/boot.nix
index 9e1ef85..5d37b25 100644
--- a/sys/boot.nix
+++ b/sys/boot.nix
@@ -1,7 +1,8 @@
{ lib, config, ... }:
with lib; let
cfg = config.local;
-in {
+in
+{
options.local = with lib.types; {
loader = mkOption {
type = enum [ "grub" "systemd-boot" ];
@@ -40,64 +41,70 @@ in {
};
};
- initrd = let
- crypt = cfg.crypt.toplevel;
- headerPathEscaped = escapeShellArg "/initrd-boot/${crypt.headerFromBoot}";
- in {
- availableKernelModules = cfg.initrdModules;
- supportedFilesystems = [ "vfat" ];
+ initrd =
+ let
+ crypt = cfg.crypt.toplevel;
+ headerPathEscaped = escapeShellArg "/initrd-boot/${crypt.headerFromBoot}";
+ in
+ {
+ availableKernelModules = cfg.initrdModules;
+ supportedFilesystems = [ "vfat" ];
- preDeviceCommands = optionalString (crypt != null) ''
- mkdir -p `dirname ${headerPathEscaped}`
- touch ${headerPathEscaped}
- '';
-
- preLVMCommands = optionalString cfg.portable ''
- sleep 2 #TODO
- '';
+ preDeviceCommands = optionalString (crypt != null) ''
+ mkdir -p `dirname ${headerPathEscaped}`
+ touch ${headerPathEscaped}
+ '';
- postMountCommands = let
- fromRoot = path: escapeShellArg "/mnt-root/${path}";
- auxOpen = aux: ''
- cryptsetup -v open \
- --header ${fromRoot aux.header} \
- --key-file ${fromRoot aux.keyfile} \
- ${aux.device} ${aux.target}
+ preLVMCommands = optionalString cfg.portable ''
+ sleep 2 #TODO
'';
- in concatStringsSep "\n" (map auxOpen cfg.crypt.aux);
- luks.devices = mkIf (crypt != null) {
- "${crypt.target}" = {
- inherit (crypt) device;
- header = "/initrd-boot/${crypt.headerFromBoot}";
- preLVM = false;
+ postMountCommands =
+ let
+ fromRoot = path: escapeShellArg "/mnt-root/${path}";
+ auxOpen = aux: ''
+ cryptsetup -v open \
+ --header ${fromRoot aux.header} \
+ --key-file ${fromRoot aux.keyfile} \
+ ${aux.device} ${aux.target}
+ '';
+ in
+ concatStringsSep "\n" (map auxOpen cfg.crypt.aux);
+
+ luks.devices = mkIf (crypt != null) {
+ "${crypt.target}" = {
+ inherit (crypt) device;
+ header = "/initrd-boot/${crypt.headerFromBoot}";
+ preLVM = false;
- preOpenCommands = ''
- mount -o ro -t vfat ${escapeShellArg cfg.fs.boot.device} /initrd-boot
- '';
+ preOpenCommands = ''
+ mount -o ro -t vfat ${escapeShellArg cfg.fs.boot.device} /initrd-boot
+ '';
- postOpenCommands = ''
- umount /initrd-boot
- '';
+ postOpenCommands = ''
+ umount /initrd-boot
+ '';
+ };
};
- };
- #network = {
- # enable = true;
+ #network = {
+ # enable = true;
- # ssh = {
- # enable = true;
- # port = 2234;
- # };
- #};
- };
+ # ssh = {
+ # enable = true;
+ # port = 2234;
+ # };
+ #};
+ };
};
- hardware.cpu = let
- ucode.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
- in {
- amd = mkIf (cfg.cpuVendor == "amd") ucode;
- intel = mkIf (cfg.cpuVendor == "intel") ucode;
- };
+ hardware.cpu =
+ let
+ ucode.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+ in
+ {
+ amd = mkIf (cfg.cpuVendor == "amd") ucode;
+ intel = mkIf (cfg.cpuVendor == "intel") ucode;
+ };
};
}
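Review bot: In `auxOpen`, `${aux.device} ${aux.target}` are interpolated into the initrd script unquoted, while the `--header` and `--key-file` arguments just above go through `escapeShellArg`. A device path or target name containing whitespace or shell metacharacters would be split or interpreted by the stage-1 shell instead of being passed to `cryptsetup` as one argument. The reformat carries the line over unchanged, so this is a convenient place to make it `${escapeShellArg aux.device} ${escapeShellArg aux.target}`. The unquoted command substitution in `preDeviceCommands` has the same problem and could become `mkdir -p "$(dirname ${headerPathEscaped})"`. These values appear to come from module options rather than external input, so this is hardening and consistency rather than an exposed injection point.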
diff --git a/sys/fs/btrfs.nix b/sys/fs/btrfs.nix
index 87c9fca..809d35e 100644
--- a/sys/fs/btrfs.nix
+++ b/sys/fs/btrfs.nix
@@ -1,15 +1,16 @@
{ lib, config, pkgs, ... }:
with lib; let
cfg = config.local;
-in {
+in
+{
options.local = with lib.types; {
snapperSubvols = mkOption {
type = attrsOf str;
- default = {};
+ default = { };
};
fs.btrfs = mkOption {
- default = [];
+ default = [ ];
type = attrsOf (submodule {
options = {
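Review bot: `fs.btrfs` is declared with `type = attrsOf (submodule { ... })` but its default is the list `[ ]`, so the default does not match the option's type; `default = { };` would. This presumably goes unnoticed because another module always defines `local.fs.btrfs`, but the default would fail type checking if it were ever the only definition. The option declaration continues past the end of this hunk.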
@@ -35,77 +36,83 @@ in {
};
config = {
- environment.systemPackages = optional (cfg.snapperSubvols != {}) pkgs.local.btclone;
-
- fileSystems = let
- inherit (cfg) fs;
- btrfs = { device, subvol, ssd, ... }: {
- inherit device;
- fsType = "btrfs";
- options = [ "noatime" "compress=zstd" "subvol=${subvol}" ] ++ optional ssd "ssd";
- };
- in mapAttrs (_: btrfs) cfg.fs.btrfs;
-
- local.snapperSubvols = let
- snapperEntry = path: opts: { name = opts.snapper; value = path; };
- validEntry = _: opts: opts.snapper != null;
- in mapAttrs' snapperEntry (filterAttrs validEntry cfg.fs.btrfs);
-
- services.snapper.configs = let
- snapperConfig = _: subvolume: {
- inherit subvolume;
-
- extraConfig = ''
- # btrfs qgroup for space aware cleanup algorithms
- QGROUP=""
-
- # fraction of the filesystems space the snapshots may use
- SPACE_LIMIT="0.5"
-
- # fraction of the filesystems space that should be free
- FREE_LIMIT="0.2"
-
- # users and groups allowed to work with config
- ALLOW_USERS=""
- ALLOW_GROUPS=""
-
- # sync users and groups from ALLOW_USERS and ALLOW_GROUPS to .snapshots
- # directory
- SYNC_ACL="no"
-
- # start comparing pre- and post-snapshot in background after creating
- # post-snapshot
- BACKGROUND_COMPARISON="yes"
-
- # run daily number cleanup
- NUMBER_CLEANUP="yes"
-
- # limit for number cleanup
- NUMBER_MIN_AGE="1800"
- NUMBER_LIMIT="100"
- NUMBER_LIMIT_IMPORTANT="10"
-
- # create hourly snapshots
- TIMELINE_CREATE="yes"
-
- # cleanup hourly snapshots after some time
- TIMELINE_CLEANUP="yes"
-
- # limits for timeline cleanup
- TIMELINE_MIN_AGE="1800"
- TIMELINE_LIMIT_HOURLY="24"
- TIMELINE_LIMIT_DAILY="7"
- TIMELINE_LIMIT_WEEKLY="4"
- TIMELINE_LIMIT_MONTHLY="12"
- TIMELINE_LIMIT_YEARLY="10"
-
- # cleanup empty pre-post-pairs
- EMPTY_PRE_POST_CLEANUP="yes"
-
- # limits for empty pre-post-pair cleanup
- EMPTY_PRE_POST_MIN_AGE="1800"
- '';
- };
- in mapAttrs snapperConfig cfg.snapperSubvols;
+ environment.systemPackages = optional (cfg.snapperSubvols != { }) pkgs.local.btclone;
+
+ fileSystems =
+ let
+ inherit (cfg) fs;
+ btrfs = { device, subvol, ssd, ... }: {
+ inherit device;
+ fsType = "btrfs";
+ options = [ "noatime" "compress=zstd" "subvol=${subvol}" ] ++ optional ssd "ssd";
+ };
+ in
+ mapAttrs (_: btrfs) cfg.fs.btrfs;
+
+ local.snapperSubvols =
+ let
+ snapperEntry = path: opts: { name = opts.snapper; value = path; };
+ validEntry = _: opts: opts.snapper != null;
+ in
+ mapAttrs' snapperEntry (filterAttrs validEntry cfg.fs.btrfs);
+
+ services.snapper.configs =
+ let
+ snapperConfig = _: subvolume: {
+ inherit subvolume;
+
+ extraConfig = ''
+ # btrfs qgroup for space aware cleanup algorithms
+ QGROUP=""
+
+ # fraction of the filesystems space the snapshots may use
+ SPACE_LIMIT="0.5"
+
+ # fraction of the filesystems space that should be free
+ FREE_LIMIT="0.2"
+
+ # users and groups allowed to work with config
+ ALLOW_USERS=""
+ ALLOW_GROUPS=""
+
+ # sync users and groups from ALLOW_USERS and ALLOW_GROUPS to .snapshots
+ # directory
+ SYNC_ACL="no"
+
+ # start comparing pre- and post-snapshot in background after creating
+ # post-snapshot
+ BACKGROUND_COMPARISON="yes"
+
+ # run daily number cleanup
+ NUMBER_CLEANUP="yes"
+
+ # limit for number cleanup
+ NUMBER_MIN_AGE="1800"
+ NUMBER_LIMIT="100"
+ NUMBER_LIMIT_IMPORTANT="10"
+
+ # create hourly snapshots
+ TIMELINE_CREATE="yes"
+
+ # cleanup hourly snapshots after some time
+ TIMELINE_CLEANUP="yes"
+
+ # limits for timeline cleanup
+ TIMELINE_MIN_AGE="1800"
+ TIMELINE_LIMIT_HOURLY="24"
+ TIMELINE_LIMIT_DAILY="7"
+ TIMELINE_LIMIT_WEEKLY="4"
+ TIMELINE_LIMIT_MONTHLY="12"
+ TIMELINE_LIMIT_YEARLY="10"
+
+ # cleanup empty pre-post-pairs
+ EMPTY_PRE_POST_CLEANUP="yes"
+
+ # limits for empty pre-post-pair cleanup
+ EMPTY_PRE_POST_MIN_AGE="1800"
+ '';
+ };
+ in
+ mapAttrs snapperConfig cfg.snapperSubvols;
};
}
diff --git a/sys/fs/default.nix b/sys/fs/default.nix
index d24e357..04b8acb 100644
--- a/sys/fs/default.nix
+++ b/sys/fs/default.nix
@@ -1,7 +1,8 @@
{ lib, config, ... }:
with lib; let
cfg = config.local.fs;
-in {
+in
+{
imports = [ ./btrfs.nix ./layout.nix ];
options.local.fs = with lib.types; {
diff --git a/sys/fs/layout.nix b/sys/fs/layout.nix
index 897cffe..7e1ac2e 100644
--- a/sys/fs/layout.nix
+++ b/sys/fs/layout.nix
@@ -1,7 +1,8 @@
{ lib, config, ... }:
with lib; let
cfg = config.local;
-in {
+in
+{
options.local.fs.layout = with lib.types; {
sysHddBtrfs = mkOption {
default = null;
@@ -41,38 +42,40 @@ in {
};
config = {
- local.fs.btrfs = let
- sysHddBtrfs = layout: {
- "/" = {
- inherit (layout.sys) device ssd;
- subvol = layout.sys.root;
- };
+ local.fs.btrfs =
+ let
+ sysHddBtrfs = layout: {
+ "/" = {
+ inherit (layout.sys) device ssd;
+ subvol = layout.sys.root;
+ };
- "/toplevel" = {
- inherit (layout.sys) device ssd;
- subvol = layout.sys.toplevel;
- };
+ "/toplevel" = {
+ inherit (layout.sys) device ssd;
+ subvol = layout.sys.toplevel;
+ };
- "/hdd" = {
- inherit (layout.hdd) device;
- subvol = "/";
- ssd = false;
- };
+ "/hdd" = {
+ inherit (layout.hdd) device;
+ subvol = "/";
+ ssd = false;
+ };
- "/home" = {
- inherit (layout.hdd) device;
- subvol = layout.hdd.home;
- ssd = false;
- snapper = "home";
+ "/home" = {
+ inherit (layout.hdd) device;
+ subvol = layout.hdd.home;
+ ssd = false;
+ snapper = "home";
+ };
};
- };
- inherit (cfg.fs) layout;
+ inherit (cfg.fs) layout;
- layoutMaps = [ sysHddBtrfs ];
- layoutOpts = [ layout.sysHddBtrfs ];
- valid = filter ({ snd, ... }: snd != null) (zipLists layoutMaps layoutOpts);
- in optionalAttrs (valid != []) ((head valid).fst (head valid).snd);
+ layoutMaps = [ sysHddBtrfs ];
+ layoutOpts = [ layout.sysHddBtrfs ];
+ valid = filter ({ snd, ... }: snd != null) (zipLists layoutMaps layoutOpts);
+ in
+ optionalAttrs (valid != [ ]) ((head valid).fst (head valid).snd);
assertions = [
{
diff --git a/sys/net.nix b/sys/net.nix
index 30675e0..4075a12 100644
--- a/sys/net.nix
+++ b/sys/net.nix
@@ -1,7 +1,8 @@
{ lib, config, pkgs, ... }:
with lib; let
cfg = config.local;
-in {
+in
+{
options.local = with lib.types; {
hostname = mkOption {
type = str;
diff --git a/sys/options.nix b/sys/options.nix
index f719522..cfb2827 100644
--- a/sys/options.nix
+++ b/sys/options.nix
@@ -1,7 +1,8 @@
{ lib, ... }:
with lib.types; let
inherit (lib) mkOption;
-in {
+in
+{
options.local = {
portable = mkOption {
type = bool;
@@ -29,7 +30,7 @@ in {
};
aux = mkOption {
- default = [];
+ default = [ ];
type = listOf (submodule {
options = {
device = mkOption {
diff --git a/sys/users.nix b/sys/users.nix
index 8c8be6b..d446276 100644
--- a/sys/users.nix
+++ b/sys/users.nix
@@ -1,7 +1,8 @@
{ lib, config, pkgs, ... }:
with lib; let
cfg = config.local;
-in {
+in
+{
config = {
sound.enable = true;
hardware.pulseaudio.enable = true;